Details of VAR-202104-0885

ID

VAR-202104-0885

CVE

CVE-2021-1504

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platform of American Cisco (Cisco). The platform provides features such as highly secure access to data and network resources

Trust: 1.62

sources: NVD: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374558 // VULMON: CVE-2021-1504

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.35	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.10	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.15.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.85	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.21	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0

sources: NVD: CVE-2021-1504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1504
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1504
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-2072
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374558
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1504
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1504
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374558
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1504
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1504
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374558 // VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2072 // NVD: CVE-2021-1504 // NVD: CVE-2021-1504

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-374558 // NVD: CVE-2021-1504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2072

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco Adaptive Security Appliances Software Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149013	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asa-ftd-vpn-dos-fpBcpEcD	Trust: 0.1

sources: VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-2072

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1504	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-2072	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042831	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1468	Trust: 0.6
db:	VULHUB	id:	VHN-374558	Trust: 0.1
db:	VULMON	id:	CVE-2021-1504	Trust: 0.1

sources: VULHUB: VHN-374558 // VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2072 // NVD: CVE-2021-1504

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asa-ftd-vpn-dos-fpbcpecd	Trust: 1.9
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-denial-of-service-via-vpn-35189	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042831	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1468	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1504	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374558 // VULMON: CVE-2021-1504 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2072 // NVD: CVE-2021-1504

SOURCES

db:	VULHUB	id:	VHN-374558
db:	VULMON	id:	CVE-2021-1504
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-2072
db:	NVD	id:	CVE-2021-1504

LAST UPDATE DATE

2024-08-14T12:34:15.020000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374558	date:	2021-05-05T00:00:00
db:	VULMON	id:	CVE-2021-1504	date:	2021-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-2072	date:	2021-05-07T00:00:00
db:	NVD	id:	CVE-2021-1504	date:	2023-11-07T03:28:27.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374558	date:	2021-04-29T00:00:00
db:	VULMON	id:	CVE-2021-1504	date:	2021-04-29T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-2072	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-1504	date:	2021-04-29T18:15:09.500